Incidents and indicators investigation

Cortex XSOAR On-prem Documentation

Product: Cortex XSOAR
Version: 8.5
Creation date: 2024-03-10
Last date published: 2025-01-15
Category: Administrator Guide
Solution: On-prem

Abstract: Investigate incidents and indicators that have been ingested into Cortex XSOAR.

Cortex XSOAR enables you to centralize and manage every aspect of your investigations. You can consolidate evidence, assign and review tasks, and use the Workplan to orchestrate your response. You can also deduplicate incidents, and create and close them efficiently. For indicators, you can create, extract, and enrich them, and explore their relationships to gain deeper insights. If you have a TIM license, see the Indicator investigation section for more features, such as Unit 42 Intel data and creating a Threat Intel Report.